V-184: Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks

June 24, 2013 - 12:56am

PROBLEM:

Google Chrome Flash Plug-in Lets Remote Users Conduct Clickjacking Attacks

PLATFORM:

Google Chrome prior to 27.0.1453.116

ABSTRACT:

A vulnerability was reported in Google Chrome.

REFERENCE LINKS:

Stable Channel Update
SecurityTracker Alert ID: 1028694
CVE-2013-2866

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote user can create specially crafted Flash content that, when loaded by the target user, displays the Flash settings transparently, so the target user may be led to modify their Flash settings without realizing it. This may allow the remote user to obtain potentially sensitive information from the target user's camera and microphone.

IMPACT:

A remote user can conduct clickjacking attacks against the target user's Flash configuration.

SOLUTION:

The vendor has issued a fix (27.0.1453.116).
